
Companies Respond to ‘Downfall’ Intel CPU Vulnerability 

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.


Several major companies have published security advisories in response to the recently disclosed Intel CPU vulnerability named Downfall. 

Discovered by Google researchers and officially tracked as CVE-2022-40982, Downfall is a side-channel attack method that allows a local attacker — or a piece of malware — to obtain potentially sensitive information such as passwords and encryption keys from the targeted device.

Cloud environments are also impacted and it may be possible to launch remote attacks via a web browser, but more research is needed to demonstrate such an attack. 

Intel Core and Xeon processors released over the past decade are impacted. The chip maker is releasing firmware updates, as well as mitigations, in response to the vulnerability.

The flaw impacts memory optimization features in Intel processors and the attack leverages two techniques dubbed Gather Data Sampling (GDS) and Gather Value Injection (GVI).

The GDS method has been described as “highly practical” and Google researchers created a proof-of-concept (PoC) exploit that can steal encryption keys from OpenSSL. 

Several organizations have released advisories in response to the Downfall vulnerability since its disclosure on August 8. 



The OpenSSL Project published a blog post this week pointing out that while the Downfall attack has been demonstrated against OpenSSL, it is a “highly general microarchitectural side-channel attack which can compromise the security of essentially any software”.

“Because OpenSSL provides accelerated implementations of many cryptographic primitives using x86 SIMD instructions, if an attacker executes an attack using this vulnerability on a process performing cryptographic operations using OpenSSL, there is an elevated risk that the information they are able to extract will include cryptographic key material or plaintexts, as this material is likely to have been recently processed in the victim process using SIMD instructions. In other words, the risk to key material or other cryptographic material is particularly high,” the OpenSSL Project explained. 

AWS, Microsoft Azure, Google Cloud

AWS said its customers’ data and cloud instances are not affected by Downfall and no action is required. The cloud giant did note that it has “designed and implemented its infrastructure with protections against this class of issues”.

Microsoft said it rolled out updates to its Azure infrastructure to patch the vulnerability. In most cases — except customers that have opted out of automatic updates — users do not need to take any action. 

Google Cloud also said no customer action is required. The company has applied available patches on its server fleet. However, some products require additional updates from its partners or vendors.


Cisco said its UCS B-Series M6 blade servers and UCS C-Series M6 rack servers use Intel CPUs that are vulnerable to Downfall attacks. 


Citrix has published an advisory informing customers that CVE-2022-40982 only impacts Citrix Hypervisor when running on vulnerable Intel CPUs.


Dell has released BIOS patches for Alienware, ChengMing, G series, Precision, Inspiron, Latitude, OptiPlex, Vostro, and XPS computers.


HP has started releasing SoftPaqs that address Downfall for its business and consumer PCs, workstations, and retail PoS systems. 


Lenovo has started releasing BIOS updates that address the vulnerability for its desktops (including all-in-one), notebooks, laptops, servers and appliances.  


NetApp said multiple products incorporate Intel chips and it’s working on determining which of them are impacted. To date it has confirmed that some AFF and FAS storage systems are affected, but several products are still being analyzed.


The cloud giant OVH has confirmed that Downfall impacts OVHcloud products. The company has summarized the steps it has taken and the actions that administrators need to take in response to the vulnerability.


SuperMicro released a security bulletin to inform users about recent Intel firmware patches, including for Downfall, and said it has developed a BIOS update in response to the vulnerabilities. 


VMware informed customers that hypervisors may be affected by CVE-2022-40982 if they are using an impacted Intel CPU, but hypervisor patches are not needed to address the vulnerability. Instead, impacted customers need to obtain firmware updates from their hardware vendors.


Xen said all versions of its hypervisor are affected if running on devices with vulnerable Intel CPUs. In addition to recommending firmware updates from hardware vendors, the organization has provided mitigations, but warned that they could significantly impact performance. 

Linux distributions

Several Linux distributions have released advisories, patches and mitigations for systems using Intel processors. The list includes SUSE, CloudLinux, Red Hat, Ubuntu and Debian.
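On a Linux host, one way to confirm whether the firmware and kernel updates described above have taken effect is to read the kernel's Gather Data Sampling status from sysfs. The script below is an added example, not part of the original article or any vendor advisory; its function names and verdict labels are illustrative, and it assumes a kernel that carries the GDS patches.

```shell
#!/bin/sh
# Added example: classify the kernel-reported Gather Data Sampling
# (GDS / Downfall, CVE-2022-40982) status of one Linux host.
# Assumption: the running kernel includes the GDS patches, which expose
# the status in the sysfs file below. Verdict labels are illustrative.

GDS_SYSFS="/sys/devices/system/cpu/vulnerabilities/gather_data_sampling"

# Map a kernel status string to a verdict an inventory job can act on.
classify_gds_status() {
    case "$1" in
        "Not affected")              echo "ok" ;;
        "Mitigation: Microcode"*)    echo "ok" ;;               # includes "(locked)"
        # Software fallback is active, but the firmware update is still missing.
        "Mitigation: AVX disabled"*) echo "needs-microcode" ;;
        "Vulnerable: No microcode")  echo "needs-microcode" ;;
        # Updated microcode is present, but the mitigation was switched off.
        "Vulnerable")                echo "mitigation-off" ;;
        # Guest cannot tell; the answer depends on the hypervisor host.
        "Unknown: Dependent on hypervisor status") echo "check-hypervisor" ;;
        "unreported")                echo "no-kernel-support" ;;
        *)                           echo "unknown" ;;
    esac
}

# Read the status line; the path can be overridden for testing.
read_gds_status() {
    gds_path="${1:-$GDS_SYSFS}"
    if [ -r "$gds_path" ]; then
        cat "$gds_path"
    else
        echo "unreported"   # file absent: kernel predates the GDS patches
    fi
}

# Print "<verdict><TAB><raw status>" for one host.
report_gds() {
    gds_status="$(read_gds_status "$1")"
    printf '%s\t%s\n' "$(classify_gds_status "$gds_status")" "$gds_status"
}

report_gds
```

A `check-hypervisor` verdict inside a virtual machine corresponds to the cloud and hypervisor cases above, where the fix has to be applied on the host by the provider or hardware vendor.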

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
